Latest Comments

Stats

SMM, or System Management Mode is the most powerful thing running your Intel-based computer right now. It is everything to everything. What would happen if that could be compromised? Disaster! Even worse, this mode is built into ALL Intel CPU cache controllors.

System Management Mode (SMM) is the most privileged CPU operation
mode on x86/x86_64 architectures.

It is essentially "Ring -2". The code executing in SMM has more privileges than hypervisors (VT), which are colloquially referred to as if operating in "Ring -1".

The protection of SMM can be trivially circumvented. This means that if you have an Intel CPU in your computer it is very important to update everything you can, and do it now! When the real rootkit comes out, which is probably hours from now based upon hacker persistance levels of late, you are doomed! Doomed I say!

A talk was given today at CanSecWest on this defcon level (yes you'd better turn that thing up too) paper by Loic Duflot also of Invisible Things Lab.